Question

1. Why is it important for mobile workers and users to know what the risks, threats, and vulnerabilities are when conducting remote access through the public Internet?

2. Why does the mock XYZ Health Care Provider need to define a remote access policy to properly implement remote access through the public Internet?

3. Why is a remote access policy definition a best practice for handling remote employees and authorized users who require remote access from home or on business trips?

4. What security controls, monitoring, and logging should be enabled for remote VPN access and users?

5. Why should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?

Answer 1

1. Why is it important for mobile workers and users to know what the risks, threats, and vulnerabilities are when conducting remote access through the public Internet?
Answer:-------- To ensure that they are aware of how easy it is to gain information from the public internet, especially when they are accessing confidential information.

2. Why does the mock XYZ Health Care Provider need to define a remote access policy to properly implement remote access through the public Internet?
Answer:-------- Without a proper policy to correctly define your Remote Access, any user will be able to insert and overwrite any details about the policy.

3. Why is a remote access policy definition a best practice for handling remote employees and authorized users who require remote access from home or on business trips?
Answer:-------- Designed to minimize the potential exposure of private information, which may result from unauthorized use of resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc

4. What security controls, monitoring, and logging should be enabled for remote VPN access and users?
Answer:-------- Multi-factor authentication of users and computers and a Password Lockout Policy and the controls needed for a VPN. An account and computer audit Policy will monitor and log events and can send notifications to System Administrators.

5. Why should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
Answer:-------- Users should be notified by way of the Acceptable Use Policy that they may be monitored for compliance and that their activities are logged. This protects the organization and the user and is instrumental in helping establish compliance.